Tag: finance
-
M&S boss says two big UK firms hit by unreported cyber-attacks
Archie Norman tells MPs companies should be legally required to report major hacks<ul><li><a href=”https://www.theguardian.com/business/live/2025/jul/08/stock-markets-trump-tariff-letters-august-deadline-obr-uk-public-finances-marks-spencer-cyber-hack-business-live-news-updates”>Business live latest updates</li></ul>UK businesses should be legally required to report major cyber-attacks, the boss of Marks & Spencer has suggested as he claimed two hacks involving “large British companies” had gone unreported in recent months.In evidence to MPs about the impact…
-
Infostealers-as-a-Service Push Identity Hacks to Record Highs
Identity-based cyberattacks soar 156%, driven by cheap Phishing-as-a-Service infostealer malware. Learn how criminals bypass MFA to steal credentials, access bank accounts, and compromise business emails. First seen on hackread.com Jump to article: hackread.com/infostealers-as-a-service-identity-hacks-record-highs/
-
BaitTrap: Over 17,000 Fake News Websites Caught Fueling Investment Fraud Globally
A newly released report by cybersecurity firm CTM360 reveals a large-scale scam operation utilizing fake news websites—known as Baiting News Sites (BNS)—to deceive users into online investment fraud across 50 countries.These BNS pages are made to look like real news outlets: CNN, BBC, CNBC, or regional media. They publish fake stories that feature public figures,…
-
M&S boss says firms should be legally required to report cyber-attacks
Two hacks affecting big UK companies have gone unreported in recent months, Archie Norman tells MPs<ul><li><a href=”https://www.theguardian.com/business/live/2025/jul/08/stock-markets-trump-tariff-letters-august-deadline-obr-uk-public-finances-marks-spencer-cyber-hack-business-live-news-updates”>Business live latest updates</li></ul>UK businesses should be legally required to report major cyber-attacks, the boss of Marks & Spencer has suggested as he claimed two hacks involving “large British companies” had gone unreported in recent months.In evidence to MPs…
-
The Q-Day Countdown: What It Is and Why You Should Care
On Q-Day, everything we’ve protected with current crypto from seemingly mundane but confidential data such as email, bank transactions and medical records, to critical infrastructure, and government secrets all built on a foundation of trust could no longer be trusted. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/07/the-q-day-countdown-what-it-is-and-why-you-should-care/
-
Sparkassen: OLG hält Log-in für Onlinebanking für nicht sicher genug
Tags: financeBei einem Phishingangriff verlor ein Sparkassen-Kunde viel Geld. Die Bank muss ihm einen Teil davon erstatten, entschied das OLG Dresden. First seen on golem.de Jump to article: www.golem.de/news/sparkassen-olg-haelt-log-in-fuer-onlinebanking-fuer-nicht-sicher-genug-2507-197862.html
-
BEC Frauds The Missing Link Your Friendly Neighborhood Bank
Until regulators, courts and litigants begin to hold receiving banks accountable, BEC fraud will remain practically immune from deterrence. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/07/bec-frauds-the-missing-link-your-friendly-neighborhood-bank/
-
IT Worker arrested for selling access in $100M PIX cyber heist
Brazil arrests IT worker João Roque for aiding $100M PIX cyber heist, one of Brazil’s biggest banking system breaches. Brazilian police arrested João Roque (48), an IT employee at C&M, for allegedly aiding a cyberattack that stole over 540 million reais (~$100 million) via the PIX banking system. The company C&M links smaller banks to…
-
Empowered employees strengthen financial sector digital resilience
Ensuring that any organisation can withstand, respond effectively to and recover quickly from ICT disruptions is a strategic imperative. This is particularly true within the financial sector. The Digital Operational Resilience Act (DORA), which became mandatory on 17 January this year, was put in place to serve as a robust standard for resilience. It doesn’t…
-
Nearly 300,000 people were impacted by cyberattack on Nova Scotia Power
An investigation revealed that hackers had access to the utility’s critical systems, allowing them to steal sensitive information like driver’s license numbers, Canadian Social Insurance information and bank account details. First seen on therecord.media Jump to article: therecord.media/thousands-impacted-cyber-nova-scotia
-
Employee gets $920 for credentials used in $140 million bank heist
Hackers stole nearly $140 million from six banks in Brazil by using an employee’s credentials from C&M, a company that offers financial connectivity solutions. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/employee-gets-920-for-credentials-used-in-140-million-bank-heist/
-
Employee arrested after Brazil’s central bank service provider hacked for US $140 million
This month could barely have started any worse for some financial institutions in Brazil. First seen on bitdefender.com Jump to article: www.bitdefender.com/en-us/blog/hotforsecurity/employee-arrested-after-brazils-central-bank-service-provider-hacked-for-us-140-million
-
Qwizzserial Android Malware Masquerades as Legit Apps to Steal Banking Data and Intercept 2FA SMS
A new and alarming Android malware family, dubbed Qwizzserial, has emerged as a significant threat, particularly targeting users in Uzbekistan. Discovered by Group-IB in March 2024, this SMS stealer is designed to intercept two-factor authentication (2FA) codes and steal sensitive banking information, posing a severe risk to personal and financial security. Disguised as legitimate applications…
-
Has CISO become the least desirable role in business?
Tags: advisory, ai, business, cio, ciso, control, corporate, cybersecurity, data, dora, finance, governance, international, jobs, network, office, regulation, resilience, risk, sap, skills, startup, threatGeorge Gerchow, CSO, Bedrock Security George Gerchow / Bedrock Security”I’ll never report to a CTO or CFO again. I have to have seat at the table,” he says emphatically. Otherwise, he says, you become frustrated “because you’re not in control of your own destiny. You’re parsing everything to this other person who’s a leader in…
-
Qantas attack reveals one phone call is all it takes to crack cybersecurity’s weakest link: humans
Tags: access, attack, breach, cyber, cybercrime, cybersecurity, data, data-breach, email, finance, healthcare, phone, riskOther sectors also at risk from attacks, including healthcare, finance and telecommunications, expert warns<ul><li>Get our <a href=”https://www.theguardian.com/email-newsletters?CMP=cvau_sfl”>breaking news email, <a href=”https://app.adjust.com/w4u7jx3″>free app or <a href=”https://www.theguardian.com/australia-news/series/full-story?CMP=cvau_sfl”>daily news podcast</li></ul>All it can take is a phone call. That’s what <a href=”https://www.theguardian.com/business/2025/jul/02/qantas-confirms-cyber-attack-exposes-records-of-up-to-6-million-customers”>Qantas learned this week when the personal information of up to 6 million customers was stolen by cybercriminals…
-
Brazilian financial entities affected by cyberattack against tech provider
First seen on scworld.com Jump to article: www.scworld.com/brief/brazilian-financial-entities-affected-by-cyberattack-against-tech-provider
-
China-linked group Houken hit French organizations using zero-days
China-linked group Houken hit French govt, telecom, media, finance and transport sectors using Ivanti CSA zero-days, says France’s ANSSI. France’s cyber agency ANSSI revealed that a Chinese hacking group used Ivanti CSA zero-days to target government, telecom, media, finance, and transport sectors. The campaign, active since September 2024, is linked to the Houken intrusion set,…
-
New Fake Marketplace From China Mimics Top Retail Brands for Fraud
Silent Push exposes thousands of fake e-commerce websites spoofing major brands like Apple and Michael Kors. Learn how this Chinese phishing scam targets shoppers and steals financial data, impacting global consumers. First seen on hackread.com Jump to article: hackread.com/china-fake-marketplace-mimics-top-retail-brands-fraud/
-
Beware of Fake Chinese E-Commerce Sites Imitating Apple, Wrangler, and Exploiting Payment Services like MasterCard and PayPal
A sophisticated phishing campaign, initially spotlighted by Mexican journalist Ignacio Gómez Villaseñor, has evolved into a sprawling global threat, as revealed by Silent Push Threat Analysts. What began as a targeted attack on Spanish-language audiences during Mexico’s “Hot Sale 2025” an annual sales event akin to Black Friday has expanded into a massive fake marketplace…
-
China-linked attacker hit France’s critical infrastructure via trio of Ivanti zero-days last year
French authorities said government agencies and businesses spanning telecom, media, finance and transportation were impacted by the widely exploited Ivanti vulnerabilities. First seen on cyberscoop.com Jump to article: cyberscoop.com/france-government-ivanti-zero-days-china/
-
Attackers Impersonate Top Brands in Callback Phishing
Microsoft, PayPal, Docusign, and others are among the trusted brands threat actors use in socially engineered scams that try to get victims to call adversary-controlled phone numbers. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/attackers-top-brands-callback-phishing
-
Chinese Hackers Exploit Ivanti CSA Zero-Days in Attacks on French Government, Telecoms
The French cybersecurity agency on Tuesday revealed that a number of entities spanning governmental, telecommunications, media, finance, and transport sectors in the country were impacted by a malicious campaign undertaken by a Chinese hacking group by weaponizing several zero-day vulnerabilities in Ivanti Cloud Services Appliance (CSA) devices.The campaign, detected at the beginning of First seen…
-
China Linked Houken Hackers Breach French Systems with Ivanti Zero Days
ANSSI report details the Chinese UNC5174 linked Houken cyberattack using Ivanti zero-days (CVE-2024-8190, 8963, 9380) against the French government, defence and finance sector. First seen on hackread.com Jump to article: hackread.com/china-houken-hackers-breach-french-ivanti-zero-days/
-
Ethereum’s Pivotal Role in Decentralized Finance Evolution
Once upon a time, say, 2016, Ethereum was a curious new arrival in the crypto space. It promised… First seen on hackread.com Jump to article: hackread.com/ethereum-role-in-decentralized-finance-evolution/
-
North Korean crypto thieves deploy custom Mac backdoor
North Korean threat actors are targeting companies from the Web3 and crypto industries with a backdoor designed for macOS written in niche programming language Nim. The attackers are also using AppleScript for early stage payloads, including a fake Zoom update.”North Korean-aligned threat actors have previously experimented with Go and Rust, similarly combining scripts and compiled…
-
India’s Max Financial says hacker accessed customer data from its insurance unit
The insurance giant is one of the largest insurers in India. First seen on techcrunch.com Jump to article: techcrunch.com/2025/07/02/indias-max-financial-says-hacker-accessed-customer-data-from-its-insurance-unit/
-
Blind Eagle Linked to Russian Host Proton66 in Latin America Attacks
Blind Eagle hackers linked to Russian host Proton66 to target banks in Latin America using phishing and RATs. Trustwave urges stronger security. First seen on hackread.com Jump to article: hackread.com/blind-eagle-russian-host-proton66-latin-america-attacks/
-
YONO SBI Banking App Vulnerability Exposes Users to Manthe-Middle Attack
A critical security flaw has been discovered in the widely used YONO SBI: Banking & Lifestyle app, potentially exposing millions of users to man-in-the-middle (MITM) attacks and putting sensitive financial data at risk. The vulnerability, catalogued as CVE-2025-45080, affects version 1.23.36 of the app, which is developed by the State Bank of India (SBI) and…
-
French cybersecurity agency confirms government affected by Ivanti hacks
ANSSI, France’s cyber agency, says a hacking campaign targeted “organizations from governmental, telecommunications, media, finance, and transport sectors,” using vulnerabilities in an Ivanti appliance. First seen on therecord.media Jump to article: therecord.media/france-anssi-report-ivanti-bugs-exploited